In this article you will learn about why java is secure language than any other programming languages. It is a common question asked in java interviews. We know that java is really popular and widely used language. Security is the prime factor for java popularity. Lets discuss about the reasons why it is so secure.
Why Java is Secure Language?
Own Memory Management
Java has its own memory management mechanism. It has automatic garbage collection system. User need not to worry about freeing memory. It greatly decreases the overhead of programmer. It will be helpful for security also. Mostly programmers forget to free memory after the usage of objects completed. So it is not good to keep memory management in hands of programmer. In java freeing memory is the responsibility of JVM.
Java does not support pointers concept. Through pointers one can reference some arbitrary memory locations to do unauthorized read and write operations. This will be big loop hole for security. Thats why Java does not use this pointers concept. So user can’t point any memory locations of other programs or system applications.
Access Specific Keywords
Having access specific keywords is one more plus point for java security. If programmer wants to give access to method to all other methods then he can use public keyword. Or if he wants it to be private he can use private. Like this programmer can control these access security issues. And if someone wants that their data cannot be overridden by other programs then they can use final keyword.
Compile Time Checking
Java strict rules for compiler checking makes it more secure. For example if an unauthorized method trying to access private variable then at compile time only JVM catches error. In compile time JVM catches as many errors so that we can avoid system crash. Two different java compilers won’t give two different results. If two different compilers have given two different values then it will be loophole for security. Because one can run malicious code which will give unwanted results that may crash the system. It also checks array bounds so that no one can access memory locations other than array.
Java has exception handling concept. In run time also it can catch the undesired results through exception handling and report to the programmer about the error. Programmer must rectify it until that it won’t allow us to run code. This feature gives more security for java.
Byte Code Verifier
First java designed to fit embedded systems. So java usability is definitely network wide. That’s why byte code came into picture. This byte code allow java programmers to code once and run anywhere. Before java most of the people were not interested to download executable programs form internet because of malicious code. Because of this byte code, executable jars available on internet. One can happily download the executable jars because of java security mechanisms. JVM verifies the code before executing it. So if any security issues are there then JVM will take care of them.
- Local variables can be initialized before accessing. Or else may lead to unauthorized access of previous values.
- Access specifications should be followed.
- Stack overflow/underflow or infinite loops should not be there.
- Methods should be called by authorized class objects only.
If any these violated then it will be suspicious code and won’t be loaded into our system.
For simply saying it will do semantic analysis and data flow analysis on the code. Then it can know flaws without running code.
When we are getting code from other networks we should maintain the details of where this code is coming. For this java.security.SourceCode class will be helpful in java. It will maintain the source information and it will check for the digital signatures which will give cryptographic security.
It is major component for security consideration. This sand box is restricted area for the applets (which are downloaded from internet) to run. These applets can’t get system resources without checking. For local code there are no restrictions for using resources.
Java Security Manager
This takes care of permissions in policy file not to be over written. Permissions are properties of classes that are checked by security manager. It takes care of system resources accessed by authorized classes only. It controls the socket connections also. Java security manager allow programmers to give security for small constructs also.
Java Class Loader
Java class loader gives assurance that untrusted classes can’t pretend like trusted classes. Actually java class loader is generic name. Many class loaders are present in JVM. Each class loader maintain name spaces for the classes. They give a different names for each class which are loaded. So untrusted classes won’t behave like trusted ones. They can’t fool JVM as trusted ones.
Java class loader, java security manager, java byte code verifier are three main important features that makes java secure language.
Comment below if you have queries or found any information incorrect in above tutorial.